
2.4 Analyzing Indicators of Malicious Activity:

Malware Attacks:

1. Ransomware:
 Indicators:
 Sudden encryption of files: mass rewrites or renames to an unfamiliar extension, with the new contents looking like random data.
 Ransom notes demanding payment, typically dropped in every affected folder.
2. Trojan:
 Indicators:
 Unauthorized access or data theft.
 Unexpected system behavior.
3. Worm:
 Indicators:
 Rapid spread across the network.
 Unusual network traffic patterns.
4. Spyware:
 Indicators:
 Unauthorized data collection.
 Suspicious network connections.
5. Bloatware:
 Indicators:
 Excessive resource consumption (disk, memory, startup time) by software the user never asked for.
 Pre-installed or bundled programs that add no value and widen the attack surface; unwanted pop-ups are more typical of adware.
6. Virus:
 Indicators:
 Replication and spreading to other files.
 Altered or corrupted files.
7. Keylogger:
 Indicators:
 A process hooking keyboard input, or a hidden file that grows as the user types.
 Credentials that were only ever typed on the affected host turning up in unauthorized logins.
8. Logic Bomb:
 Indicators:
 Unexpected system behavior triggered by specific conditions.
 Malicious activities occurring after a specific event.
9. Rootkit:
 Indicators:
 Concealed presence within the system: processes, files, or kernel modules that an offline scan or a second tool reports but the running OS does not.
 Unauthorized access to privileged areas (kernel, firmware, or administrator context).
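Added example (Python, not part of the original notes): detection logic for the ransomware indicators above, run over a constructed stream of file-write events. It turns "sudden encryption of files" into something measurable: a burst of files rewritten as high-entropy blobs with an unfamiliar extension, plus a dropped note. The thresholds, paths, and note-name words are assumptions chosen for this illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Thresholds are assumptions for this example, not values from the notes.
HIGH_ENTROPY = 7.5          # bits per byte; encrypted or compressed data sits near 8.0
WINDOW_SECONDS = 60         # burst window for "sudden" mass encryption
MIN_ENCRYPTED_FILES = 5     # high-entropy rewrites in one window that trigger an alert
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the content in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_ransom_note(path: str) -> bool:
    """Heuristic on file names ransomware families typically drop; not a signature."""
    name = os.path.basename(path).lower()
    return any(word in name for word in ("decrypt", "restore", "recover", "ransom"))


def analyze_file_writes(events):
    """events: iterable of (timestamp_seconds, path, content_bytes) write events.

    Flags the pattern behind 'sudden encryption of files': many files rewritten as
    high-entropy blobs with unfamiliar extensions inside a short window, optionally
    accompanied by a dropped ransom note.
    """
    events = sorted(events, key=lambda e: e[0])
    encrypted = []  # (timestamp, path) of writes that look like ciphertext
    notes = []
    for ts, path, data in events:
        if looks_like_ransom_note(path):
            notes.append(path)
            continue
        ext = os.path.splitext(path)[1].lower()
        if shannon_entropy(data) >= HIGH_ENTROPY and ext not in KNOWN_EXTENSIONS:
            encrypted.append((ts, path))

    # Busiest WINDOW_SECONDS window of suspected encryptions.
    peak = 0
    for i, (start, _) in enumerate(encrypted):
        in_window = sum(1 for ts, _ in encrypted[i:] if ts - start <= WINDOW_SECONDS)
        peak = max(peak, in_window)

    return {
        "suspected_encrypted": [path for _, path in encrypted],
        "ransom_notes": notes,
        "peak_in_window": peak,
        "alert": peak >= MIN_ENCRYPTED_FILES or (peak >= 1 and bool(notes)),
    }


def _pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


PLAINTEXT = b"Quarterly revenue figures and notes for the board meeting.\n" * 40

# Constructed event stream (not a real capture): two ordinary edits, then a burst of
# rewrites to a ".locked" extension and a dropped note.
SAMPLE_EVENTS = [
    (0, "/home/alice/docs/report.docx", PLAINTEXT),
    (5, "/home/alice/docs/budget.xlsx", PLAINTEXT),
] + [
    (100 + i, f"/home/alice/docs/file{i}.pdf.locked", _pseudo_ciphertext(bytes([i]), 2048))
    for i in range(8)
] + [
    (110, "/home/alice/docs/HOW_TO_RESTORE_FILES.txt", b"Your files are encrypted. Pay to decrypt."),
]

if __name__ == "__main__":
    print(analyze_file_writes(SAMPLE_EVENTS))
```

Entropy alone is a weak signal (compressed archives and images also score near 8.0), which is why the check also requires an unfamiliar extension and a burst in time; the note is corroboration, not a prerequisite.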

Physical Attacks:
1. Brute Force:
 Indicators:
 Forced entry: damaged locks, doors, cabinets, or cable conduits.
 Tamper or door-forced alarms; missing or relocated equipment.
2. RFID Cloning:
 Indicators:
 Unauthorized access using cloned RFID credentials.
 One badge reading at two locations at once, or at a time the holder was verifiably elsewhere.
3. Environmental:
 Indicators:
 Physical damage to hardware.
 Unusual environmental conditions affecting equipment.

Network Attacks:

1. DDoS (Amplified/Reflected):
 Indicators:
 Sudden traffic spikes, often a flood of large responses (DNS, NTP, SSDP, memcached) to queries no internal host ever sent.
 Service unavailability; the apparent senders are legitimate servers, because the attacker spoofed the victim's address in the requests.
2. DNS Attacks:
 Indicators:
 Spoofed or manipulated DNS responses.
 Unusual DNS query patterns.
3. Wireless Attacks:
 Indicators:
 Unauthorized access to the wireless network.
 Anomalies in wireless traffic, such as rogue access points advertising a trusted SSID or bursts of deauthentication frames.
4. On-Path Attacks:
 Indicators:
 Intercepted or manipulated network traffic.
 Unauthorized access to network communication; certificate warnings or an unexpected change in a gateway's ARP entry are common tells.
5. Credential Replay:
 Indicators:
 Reuse of intercepted or stolen credentials or session tokens, typically from a different source shortly after the legitimate session.
6. Malicious Code:
 Indicators:
 Unexpected system behavior.
 Unusual network communication.
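Added example (Python, not from the original notes): the amplified/reflected DDoS indicator above, expressed as a check over constructed flow records as a collector at the victim's edge would export them. Seen from the victim, the attack is a flood of large responses from reflector ports that no internal host solicited, arriving from many distinct "legitimate" servers. Reflector port list, thresholds, and addresses are assumptions for the illustration.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors; the list and thresholds are assumptions
# for this example.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached", 19: "chargen"}
MIN_SOURCES = 10       # distinct reflectors before we call it a flood
MIN_BYTES = 50_000     # unsolicited response bytes in the sample


def detect_reflection_flood(flows):
    """flows: dicts with keys direction ('in'/'out'), proto, src, sport, dst, dport, bytes.

    Amplified/reflected DDoS seen from the victim looks like a flood of *responses*
    from reflector ports that nobody on the inside asked for: the attacker sent the
    requests with our address spoofed as the source.
    """
    # Requests we genuinely sent: (server, server_port, our_local_port).
    solicited = {
        (f["dst"], f["dport"], f["sport"])
        for f in flows
        if f["direction"] == "out" and f["proto"] == "udp"
    }
    per_service = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f["direction"] != "in" or f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        # A legitimate reply comes from the server/port we queried, back to the local
        # port we used; anything else is unsolicited.
        if (f["src"], f["sport"], f["dport"]) in solicited:
            continue
        stats = per_service[REFLECTOR_PORTS[f["sport"]]]
        stats["sources"].add(f["src"])
        stats["bytes"] += f["bytes"]
        stats["packets"] += 1

    alerts = []
    for service, stats in per_service.items():
        if len(stats["sources"]) >= MIN_SOURCES and stats["bytes"] >= MIN_BYTES:
            alerts.append({
                "service": service,
                "distinct_sources": len(stats["sources"]),
                "bytes": stats["bytes"],
                "packets": stats["packets"],
            })
    return alerts


def _flow(direction, src, sport, dst, dport, nbytes, proto="udp"):
    return {"direction": direction, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "bytes": nbytes}


VICTIM = "203.0.113.10"  # our public address (documentation range, constructed)

# Constructed flow sample: one genuine DNS lookup with its reply, then 40 large DNS
# responses from open resolvers we never queried.
SAMPLE_FLOWS = [
    _flow("out", VICTIM, 40000, "192.0.2.53", 53, 70),
    _flow("in", "192.0.2.53", 53, VICTIM, 40000, 120),
] + [
    _flow("in", f"198.51.100.{i}", 53, VICTIM, 40001, 3000) for i in range(1, 41)
]

if __name__ == "__main__":
    for alert in detect_reflection_flood(SAMPLE_FLOWS):
        print(alert)
```

On the reflector's side the mirror image is the tell: many small queries from one "client" (the victim's spoofed address) that it has never served before, each answered with a response many times larger than the query.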

Application Attacks:

1. Injection:
 Indicators:
 Unexpected data manipulation or access.
 Unauthorized data retrieval; request parameters carrying query or shell syntax (quotes, UNION SELECT, semicolons, backticks).
2. Buffer Overflow:
 Indicators:
 Abnormal program termination (crashes or segmentation faults, especially with a corrupted return address in the crash dump).
 Unusual memory usage patterns, and inputs far longer than the field was designed to hold.
3. Replay:
 Indicators:
 Repeated or reused transactions.
 Duplicate data submissions.
4. Privilege Escalation:
 Indicators:
 Unauthorized access to elevated privileges.
 Unusual user activity.
5. Forgery:
 Indicators:
 Manipulated or falsified data.
 Unauthorized access based on false credentials.
6. Directory Traversal:
 Indicators:
 Unauthorized access to directory structures.
 Unusual file access patterns; requests containing ../ sequences, often URL-encoded (%2e%2e%2f) or double-encoded to slip past filters.
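Added example (Python, not from the original notes): a scan of constructed web-server access-log lines for the injection and directory-traversal indicators in this section. The point it makes beyond the list is the decoding step: a traversal sent as %252e%252e%252f looks harmless until it is percent-decoded twice, so the signatures run on the normalized target, and a 200 status on a matching request is the finding to triage first. Signatures and log lines are illustrative assumptions.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format; the sample lines below are constructed, not real traffic.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Signatures are illustrative assumptions; real deployments tune these heavily.
SIGNATURES = {
    "directory_traversal": re.compile(r"(\.\./|/etc/passwd|/windows/system32)", re.I),
    "sql_injection": re.compile(
        r"(\bunion\b.*\bselect\b|'\s*or\s*'?\d|--\s*$|;\s*drop\b|\bsleep\(\d)", re.I
    ),
    "command_injection": re.compile(r"[;|`]\s*(cat|id|whoami|wget|curl|nc|bash|sh)\b", re.I),
}


def normalize_target(target: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (double encoding such as %252e%252e%252f is a common
    filter bypass) and fold backslashes so one signature set covers both separators."""
    decoded = target
    for _ in range(rounds):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded.replace("\\", "/")


def scan_access_log(lines):
    """Return one finding per (line, category) whose signature matches the decoded
    request target. Status 200 on an attempt is the higher-value signal: the request
    may have succeeded."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = normalize_target(m["target"])
        for category, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                findings.append({
                    "line": lineno,
                    "client": m["client"],
                    "category": category,
                    "decoded_target": decoded,
                    "status": int(m["status"]),
                    "possibly_succeeded": m["status"] == "200",
                })
    return findings


# Constructed log sample (documentation addresses, invented paths).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Mar/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Mar/2024:13:55:40 +0000] "GET /search?q=dot..dot HTTP/1.1" 200 812',
    '203.0.113.77 - - [10/Mar/2024:13:56:01 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1840',
    '203.0.113.77 - - [10/Mar/2024:13:56:02 +0000] "GET /download?file=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0',
    '203.0.113.77 - - [10/Mar/2024:13:56:05 +0000] "GET /products?id=1%27%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 0',
    '203.0.113.77 - - [10/Mar/2024:13:56:09 +0000] "POST /ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Note what this does not see: POST bodies are not in the access log, and overlong UTF-8 encodings such as %c0%af are not undone by a plain percent-decode, so log scanning complements, rather than replaces, input validation in the application.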

Cryptographic Attacks:

1. Downgrade:
 Indicators:
 Use of weaker cryptographic algorithms or an older protocol version (for example TLS 1.0 or export ciphers) when both endpoints support stronger ones.
 Handshakes that repeatedly fail and then succeed at a lower version.
2. Collision:
 Indicators:
 Two different inputs producing the same hash value, so a forged file or certificate verifies against a trusted digest.
3. Birthday:
 Indicators:
 A collision found with only about 2^(n/2) hash computations for an n-bit hash, far fewer than the 2^n a preimage would need, due to the birthday paradox.
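Added example (Python, not from the original notes) serving both the Collision and Birthday items: it computes the birthday bound for an n-bit hash and then actually finds a collision by brute force on SHA-256 truncated to 24 bits, which stands in for a short or weak hash. The generic attack needs roughly 1.18 * 2^(n/2) trials, here about 4,800 rather than 2^24. Message format and the 24-bit truncation are choices made for this illustration.

```python
import hashlib
import math


def birthday_bound(bits: int, probability: float = 0.5) -> float:
    """Samples needed for a collision with the given probability in an ideal
    `bits`-bit hash: k ≈ sqrt(2 * 2^bits * ln(1 / (1 - p))). For p = 0.5 this is
    about 1.18 * 2^(bits/2)."""
    return math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - probability)))


def collision_probability(bits: int, samples: int) -> float:
    """Approximate P(at least one collision) among `samples` hashes: 1 - exp(-k^2 / 2N)."""
    return 1 - math.exp(-(samples ** 2) / (2 * (2 ** bits)))


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, standing in for a short or weak hash.
    Full SHA-256 is not attackable this way: 2^128 work is out of reach."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, max_tries: int = 200_000):
    """Generic birthday attack: hash distinct messages and remember each digest until
    one repeats. Returns (msg_a, msg_b, digest, tries) or None if the budget runs out.
    The attacker chooses neither message in advance, which is what separates a
    collision from a (much harder) second-preimage."""
    seen = {}
    for i in range(max_tries):
        msg = f"message-{i}".encode()       # constructed message family for the demo
        h = truncated_hash(msg, bits)
        if h in seen and seen[h] != msg:
            return seen[h], msg, h, i + 1
        seen[h] = msg
    return None


if __name__ == "__main__":
    for bits in (24, 64, 128, 256):
        print(f"{bits:3d}-bit hash: ~{birthday_bound(bits):.3g} samples for a 50% collision")
    result = find_collision(24)
    if result:
        a, b, h, tries = result
        print(f"24-bit collision after {tries} tries: {a!r} and {b!r} -> {h:06x}")
```

The same arithmetic is why a 64-bit MAC tag or a truncated certificate fingerprint is weak against an attacker who can generate many candidates: the cost is governed by half the output length, not the full one.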

Password Attacks:

1. Spraying:
 Indicators:
 A few attempts with common passwords against many accounts, kept below the lockout threshold for each account.
 System alerts for multiple failed logins spread across accounts from the same source.
2. Brute Force:
 Indicators:
 Many repeated login attempts against one account.
 Account lockouts.
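Added example (Python, not from the original notes): telling spraying from brute force in constructed sshd log lines. Grouping failures by source address makes the difference visible: brute force is many failures on one or two accounts, spraying is one or two failures each across many accounts so that no per-account lockout counter trips. The thresholds and the log lines are assumptions for this illustration.

```python
import re
from collections import Counter, defaultdict

# Syslog-style sshd failures; the sample lines are constructed, not a real log.
FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

# Thresholds are assumptions for this example; tune them to your lockout policy.
BRUTE_MIN_FAILURES = 10     # many attempts against one account
SPRAY_MIN_ACCOUNTS = 8      # one or two attempts each across many accounts
SPRAY_MAX_PER_ACCOUNT = 3   # stays under a typical lockout threshold
LOCKOUT_THRESHOLD = 5       # per-account failures that would trigger a lockout


def parse_failures(lines):
    """Yield (user, source_ip) for every failed-password line; other lines are ignored."""
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            yield m["user"], m["src"]


def classify_sources(lines):
    """Group failures by source address and label each source.

    Brute force: many failures concentrated on few accounts.
    Password spraying: few failures per account, spread across many accounts, so no
    single account trips the lockout counter.
    Returns (verdict_by_source, accounts_likely_locked_out).
    """
    per_src = defaultdict(Counter)     # src -> Counter(user -> failures)
    per_user = Counter()
    for user, src in parse_failures(lines):
        per_src[src][user] += 1
        per_user[user] += 1

    verdicts = {}
    for src, users in per_src.items():
        total = sum(users.values())
        if len(users) >= SPRAY_MIN_ACCOUNTS and max(users.values()) <= SPRAY_MAX_PER_ACCOUNT:
            verdicts[src] = "password_spraying"
        elif total >= BRUTE_MIN_FAILURES and len(users) <= 2:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "benign_or_unknown"
    likely_locked = sorted(u for u, n in per_user.items() if n >= LOCKOUT_THRESHOLD)
    return verdicts, likely_locked


def _line(user, src, second):
    return (f"Jan 10 10:00:{second:02d} bastion sshd[4242]: Failed password for {user} "
            f"from {src} port 51000 ssh2")


SAMPLE_LOG = (
    # 30 attempts against one account from one address: brute force.
    [_line("admin", "203.0.113.5", s % 60) for s in range(30)]
    # one attempt each against 15 accounts from another address: spraying.
    + [_line(f"user{i:02d}", "198.51.100.7", i) for i in range(15)]
    # a user mistyping twice: noise.
    + [_line("alice", "192.0.2.10", s) for s in (1, 2)]
    + ["Jan 10 10:01:00 bastion sshd[4242]: Accepted password for alice from 192.0.2.10 port 51001 ssh2"]
)

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

A per-account lockout rule would catch the brute force here and miss the spray entirely; the spray only shows up when failures are counted per source (or per password guess) across the whole user population, which is why the "alerts for multiple failed logins" indicator has to be aggregated that way.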

Indicators:

1. Account Lockout:
 Indicators:
 Frequent or prolonged account lockouts.
 Increase in failed login attempts.
2. Concurrent Session Usage:
 Indicators:
 Unexpected simultaneous logins from different locations.
3. Blocked Content:
 Indicators:
 Content filtering or access restrictions triggered.
4. Impossible Travel:
 Indicators:
 Logins from geographically distant locations in a short
timeframe.
5. Resource Consumption:
 Indicators:
 Abnormally high utilization of system resources.
6. Resource Inaccessibility:
 Indicators:
 Unavailability of critical resources.
 Files or services that were available suddenly unreadable or unreachable, for example after encryption, deletion, or a denial of service.
7. Out-of-Cycle Logging:
 Indicators:
 Logging activity outside expected timeframes.
 Unusual patterns in log entries.
8. Published/Documented:
 Indicators:
 Discovery of sensitive
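Added example (Python, not from the original notes) for the Concurrent Session Usage and Impossible Travel indicators above: two checks over constructed login sessions with GeoIP-style coordinates. Impossible travel compares consecutive logins of one user and flags an implied speed no traveller could reach; concurrent-session usage flags overlapping sessions for one user from different addresses. The speed limit, coordinates, and sessions are assumptions for this illustration.

```python
import math
from collections import defaultdict

MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner speed; an assumption for this example


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def detect_impossible_travel(sessions):
    """sessions: dicts with user, ip, start, end (epoch seconds), lat, lon (from GeoIP).
    Flags consecutive logins of one user whose implied speed exceeds MAX_PLAUSIBLE_KMH."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append(s)
    alerts = []
    for user, logins in by_user.items():
        logins.sort(key=lambda s: s["start"])
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (cur["start"] - prev["start"]) / 3600.0
            if km > 0 and (hours == 0 or km / hours > MAX_PLAUSIBLE_KMH):
                alerts.append({"user": user, "from_ip": prev["ip"], "to_ip": cur["ip"],
                               "km": round(km), "hours": round(hours, 2)})
    return alerts


def detect_concurrent_sessions(sessions):
    """Flags pairs of sessions for the same user that overlap in time but come from
    different addresses (the 'concurrent session usage' indicator)."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append(s)
    alerts = []
    for user, logins in by_user.items():
        for i, a in enumerate(logins):
            for b in logins[i + 1:]:
                overlap = a["start"] < b["end"] and b["start"] < a["end"]
                if overlap and a["ip"] != b["ip"]:
                    alerts.append({"user": user, "ips": sorted([a["ip"], b["ip"]])})
    return alerts


def _session(user, ip, start, end, city):
    # Coordinates are approximate city centres; real GeoIP is coarser still.
    coords = {"new_york": (40.7128, -74.0060), "boston": (42.3601, -71.0589),
              "tokyo": (35.6762, 139.6503)}
    lat, lon = coords[city]
    return {"user": user, "ip": ip, "start": start, "end": end, "lat": lat, "lon": lon}


# Constructed sample (not real logins): alice "travels" New York -> Tokyo in an hour
# while her New York session is still open; bob drives to Boston over three hours.
SAMPLE_SESSIONS = [
    _session("alice", "198.51.100.20", 0, 7200, "new_york"),
    _session("alice", "203.0.113.99", 3600, 9000, "tokyo"),
    _session("bob", "198.51.100.21", 0, 1800, "new_york"),
    _session("bob", "198.51.100.22", 10800, 12600, "boston"),
]

if __name__ == "__main__":
    print(detect_impossible_travel(SAMPLE_SESSIONS))
    print(detect_concurrent_sessions(SAMPLE_SESSIONS))
```

Both checks are noisy in practice: VPN exits, mobile carrier NAT, and stale GeoIP data all produce "travel" that never happened, so the usual practice is to raise the confidence when both fire for the same user, as they do for alice here.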
